The Agent Skills Directory

[PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) due to its core functionality of processing untrusted project data. * Ingestion points: The scripts/project_analyzer.py script reads README.md, CODEOWNERS, pyproject.toml, and other source files which are attacker-controlled if the repository is untrusted. * Boundary markers: There are no boundary markers or instructions to ignore embedded commands mentioned in the workflow. * Capability inventory: The skill uses uv run to execute multiple local Python scripts and writes files to the .datadog/ directory. * Sanitization: No sanitization or validation of the ingested metadata is described before it is used to generate YAML or drive the 'Engineer Interview'.
[COMMAND_EXECUTION] (MEDIUM): The skill performs broad filesystem scanning using scripts/project_analyzer.py. The documentation explicitly lists .env as a target for metadata extraction. Reading environment files is a high-risk pattern (Category 2: Exposure) that can lead to credential leakage if the agent's output is redirected or if the logic is subverted via prompt injection.

datadog-entity-generator